Ebook
CVE-2022-22948: Sensitive Information Disclosure in VMware vCenter
Pentera Labs discovered CVE-2022-22948, an information disclosure flaw in VMware vCenter affecting over 500,000 appliances. Any low-privileged user in the “cis” group could read the plaintext PostgreSQL database credentials stored in vcdb.properties and use them to query the database, which exposed the high-privileged “vpxuser” account. The researchers reverse-engineered how the vpxuser password is generated and found it stored encrypted with AES-256-CBC under a static key held in symkey.dat. By chaining this with a privilege escalation flaw (CVE-2021-22015), they decrypted the password and gained root SSH access to the ESXi servers, allowing a full takeover. VMware has patched the vulnerability and advises updating immediately.